ISO/IEC 20000-1:2018 Upgrade Planner & Delta Checklist

NSF International

ISO/IEC 20000-1:2018 Upgrade

Planner & Delta Checklist

Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 1 of 13
ISO/IEC 20000-1 Information Technology - Service Management registration provides a set of uniform requirements for a service management system. Several quality
management principles including a strong customer focus, support of top management, the process approach and continual improvement form the basis for the
standard.

Upgrade Planner and Delta Checklist Overview

This document was created as an optional tool to aid in the transition from ISO/IEC 20000-1:2011 to ISO/IEC 20000-1:2018. The document provides mapping from the
new 2018 version to the old 2011 version of ISO/IEC 20000-1 providing more insight into where new clauses have been added to the updated 2018 standard.

Important Dates
 September 14, 2018: ISO/IEC 20000-1:2018 was published by ISO, beginning the three-year transition period.
 March 30, 2020: Last date for initial audits to the 2011 version. After this date, we will no longer be allowed to perform recertifications to the 2011 version.
 June 15, 2021: Target date for all clients to schedule their transition audits. 
 September 30, 2021: The three-year transition period ends, and all ISO/IEC 20000-1:2011 certifications expire.

Key Edition Revisions

Below are some key edition revisions to be aware of throughout your organizations transition.
 Integrates and aligns service management with organizational strategic direction
 Improved service performance and value
o Easier application of varying methodologies (i.e. Agile, Devops, ITIL, Lean, SIAM, VeriSM)
o Reduction of documentation and procedures
 Focus on service management system and service outcomes rather than outputs
 Includes the new high-level structure of all new ISO management standards, creating an opportunity for integration of management systems
 Clear transition path from 2011 edition to 2018 edition

Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 2 of 13
 ISO/IEC 20000-1:2018 Upgrade Planner and Delta Checklist
Instructions:
1. Highlighted areas should be completed by the Client Organization prior to the off-site review, or on-site Gap Analysis or Upgrade Audit, and submitted to the NSF-ISR Lead Auditor for
review.
2. Completion by the Client Organization should include the final statement of readiness for Upgrade by the Top Management of the Client Organization.
3. The columns for “Planned Completion Date” and Responsibility” may be used by the Client Organization to develop their plan for upgrading their SMS to the requirements of ISO/IEC
20000-1:2018.
4. All other areas of the Checklist are required to be completed by the NSF-ISR Lead Auditor to confirm the effective implementation of the Client Organization’s ISO/IEC 20000-1:2018
Service Management System.
5. The Lead Auditor shall sign the appropriate sections at the end of the Checklist to indicate: whether the Client Organization is Ready/Not Ready for Upgrade Audit (Off-site review),
AND the final approval of the SMS in meeting the requirements of ISO/IEC 20000-1:2018 (during the on-site Upgrade Audit)
6. This checklist shall be submitted by the NSF-ISR Lead Auditor as one of the records of the ISO/IEC 20000-1:2018 Upgrade for the Client Organization.

Organization Name:
Organization Address:
1st Shift :
Number of Personnel: 2nd Shift :
3rd Shift :
Temp. / Part-time :
Other locations included in this registration:
Management Contact:
Name and Revision Status of QMS
documentation:
FRS Number:
Off-site Review Date (Desk Audit):
Audit Dates (on-site):
Lead Auditor / Audit Team:
Scope of Registration:
ISO/IEC 20000-1:2018 Clauses that are Not
Applicable to the scope of the SMS (4.3):
The interval between the client Delta Review and the Upgrade Audit should not exceed 90 days.

Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 3 of 13
IMPORTANT: It is required that your Organization’s registered ISO/IEC 20000-1:2011 SMS remains compliant with that version of the Standard
until the Transition to ISO/IEC 20000-1:2018 is complete and verified by the NSF-ISR Lead Auditor.
Level of
Reference Document
Completion Planned
(Name / Rev. Level)
Question / Requirement 0=Not Started Completion Responsibility NSF-ISR Lead Auditor Review Comments
OR
10=Completed Date
Records
& Implemented
4. Context of the organization

 Evidence of determination of
Understanding the Organization
and its Context (4.1)
 How does your organization
address:
 any internal and
external factors affecting the
organization and its ability to
achieve the intended
outcomes?
 any interested
parties and their
requirements?
 How does your organization
address the requirements to
"establish, implement, maintain
and continually improve a service
management system (SMS)"?

5. Leadership

How does your organization address

the updated requirements which now
emphasize:

 delivering value to
customers?
 control of other parties
involved in the service lifecycle?
 integrating SMS requirements
into the organization's processes?
 assigning and communicating
responsibilities?
 continual improvement?

Question / Requirement Level of Planned Responsibilit Reference Document NSF-ISR Lead Auditor Review Comments

Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 4 of 13
 Completion
0=Not Started (Name / Rev. Level)
Completion
10=Complete y OR
Date
d& Records
Implemented
6. Planning
How does your organization’s system
address:

 Additional requirements
added regarding planning
considerations for the SMS?
 Establishing service
management objectives at all
relevant levels?
 Managing risks?
 Identifying opportunities?

7. Support of the service

management system
How does your organization’s system
address:
Staff awareness of their contribution to
the effectiveness of the SMS and the
provision of services?

 Additional requirements for

internal and external
communications?
 Requirements for
documented information to
include appropriate identification
and description, be stored in
suitable format and be subject
to review and approval?
 Requirement for
documented information to be
available and suitable for use,
as well as adequately
protected?
 Inclusion of external
documents, contracts with
external suppliers and
agreements with internal
suppliers as documented
information?
 Requirements for

Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 5 of 13
 knowledge management?

Level of
Reference Document
Completion Planned
Responsibilit (Name / Rev. Level)
Question / Requirement 0=Not Started Completion NSF-ISR Lead Auditor Review Comments
y OR
10=Completed Date
Records
& Implemented

8.1 Operational planning and control

How does your organization’s system
address:

 The requirement to control

changes to the SMS, review the
consequences of unintended
changes and take corrective
action if necessary?
 The requirement to integrate
services and processes that are
provided or operated by internal or
external parties?
 The requirement to
coordinate activities with third
parties involved in the service
lifecycle?

8.2 Service portfolio

How does your organization’s system
address:

 The requirement to determine

criticality of services, as well as
duplication between services?
 Maintaining accountability
regardless of which party is
involved in performing activities to
support the service lifecycle?
 The use of external parties to
provide or operate processes,
services or service components?
 The requirement that services
are to be classified as
Configuration Items (CIs)?
 The requirement to record
configuration information to a level
of detail appropriate to the
criticality and type of services?

Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 6 of 13
 Level of
Reference Document
Completion Planned
Responsibilit (Name / Rev. Level)
Question / Requirement 0=Not Started Completion NSF-ISR Lead Auditor Review Comments
y OR
10=Completed Date
Records
& Implemented
8.3 Relationship and agreement
How does your organization’s system
address:

 The use of suppliers to

provide or operate services,
service components or (parts of)
processes?
 The requirement that
contracts shall specify
requirements and define
contractual obligations and other
responsibilities?

8.4 Supply and demand

How does your organization’s system
address:

 The requirements for

budgeting and accounting for
services?
 The requirements for capacity
management?
8.5 Service design, build and
transition
How does your organization’s system
address:

 Requirements for assessing

new or changed services in the
scope of change management?
 Considerations for assessing
changes?
 Requirements for the
transferal of services to other
parties?
 Requirement for CIs affected
by new or changed services to be
managed through configuration
management?

Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 7 of 13
 Level of
Reference Document
Completion Planned
Responsibilit (Name / Rev. Level)
Question / Requirement 0=Not Started Completion NSF-ISR Lead Auditor Review Comments
y OR
10=Completed Date
Records
& Implemented
8.6 Resolution and fulfilment

 How does your organization’s

system address the requirement to
record actions taken to resolve
incidents, problems and service
requests?

8.7 Service assurance

How does your organization’s system
address:
 Requirement for service availability
to be documented?
 Requirement to assess security
risks at planned intervals?
 Requirement to control information
security risks related to external
organizations?
 Requirement regarding the
procedure to be used for dealing
with security incidents?
9. Performance evaluation
How does your organization’s system
address:

 Updated requirements
regarding monitoring and
measurement?
 Requirement that the
management review shall include
consideration of measured
performance and effectiveness of
the SMS and the services?
10. Improvement
How does your organization’s system
address:

Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 8 of 13
  New/changed requirements
added regarding nonconformity
and corrective action?
 Requirement that evaluation
criteria be aligned with the service
management objectives?
Approval Name / Title Signature Date
Client Organization Top Management
attests readiness for Upgrade to ISO/IEC
20000-1:2018
NSF-ISR Lead Auditor Approval of
Compliance to ISO/IEC 20000-1:2018 at
On-site Upgrade Audit.
The completed Checklist shall be submitted by the NSF-ISR Lead Auditor as a supplement to the ISO/IEC 20000-1:2018 Audit Report for the transition audit
only.

Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 9 of 13
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 10 of 13
 ISO/IEC 20000-1:2018 ISO/IEC 20000-1:2011
(New updated standard) (Old standard)
4 Context of the organization 4.1 Management responsibility
4.5.1 Define scope
4.5.2 Plan the SMS (Plan)
7.1 Business relationship management
4.1 Understanding the organization and its New clause
Context
4.2 Understanding the needs and expectations of 4.1.4 Management representative
interested parties 7.1 Business relationship management
4.3 Determining the scope of the service 4.5.1 Define scope
management system
4.4 Service management system 4.1.1 Management commitment
4.5.3 Implement and operate the SMS (Do)
5 Leadership 4.1 Management responsibility
5.1 Leadership and commitment 4.1.1 Management commitment
5.2 Policy 4.1.2 Service management policy
5.2.2 Communicating the service management 4.1.2 Service management policy
policy
5.3 Organizational roles, responsibilities and 4.1.3 Authority, responsibility and communication
Authorities 4.1.4 Management representative
6 Planning 4.1.1 Management commitment
4.5.2 Plan the SMS (Plan)
6.6.1 Information security policy
6.1 Actions to address risk and opportunities 4.1.1 Management commitment
4.5.2 Plan the SMS (Plan)
6.6.1 Information security policy
6.2 Service management objectives and planning 4.1.1 Management commitment
to achieve them
6.2.1 Establish objectives 4.1.1 Management commitment
6.2.2 Plan to achieve objectives New clause
6.3 Plan the service management system 4.5.2 Plan the SMS (Plan)
7 Support of the service management system 4.1 Management responsibility
4.3 Documentation management
4.4 Resource management
7.1 Resources 4.4.1 Provision of resources
7.2 Competence 4.4.2 Leadership
7.3 Awareness 4.1.1 Management commitment
4.1.2 Service management policy
4.4.2 Human resource
7.4 Communication 4.1.3 Authority, responsibility and communication
7.5 Documented information 4.3 Documentation management
7.5.1 General 4.3.1 Establish and maintain documents
7.5.2 Creating and updating documented 4.3.2 Control of documents
Information
7.5.3 Control of documented information 4.3.2 Control of documents
4.3.3 Control of records
7.5.4 Service management system documented 4.3.1 Establish and maintain documents
Information
7.6 Knowledge New clause

Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 11 of 13
 8 Operation 4 Service management system general requirements
5 Design and transition of new or changed
services
6 Service delivery processes
7 Relationship processes
8 Resolution processes
9 Control processes
8.1 Operational planning and control 4.1.4 Management representative
4.2 Governance of processes operated by other
parties
4.5.3 Implement and operate the SMS (Do)
9.2 Change management
8.2 Service portfolio 4.1.4 Management representative
4.2 Governance of processes operated by other
parties
4.5.3 Implement and operate the SMS (Do)
5.2 Plan new or changed services
6.1 Service level management
9.1 Configuration management
8.2.1 Service delivery 4.5.3 Implement and operate the SMS (Do)
8.2.2 Plan the services 4.1.4 Management representative
5.2 Plan new or changed services
8.2.3 Control of parties involved in the service 4.2 Governance of processes operated by other
lifecycle parties
5.2 Plan new or changed services
8.2.4 Service catalogue management 6.1 Service level management
8.2.5 Asset management 4.1.4 Management representative
8.2.6 Configuration management 9.1 Configuration management
8.3 Relationship and agreement 6.1 Service level management
6.2 Service reporting
7 Relationship processes
8.3.1 General 7.2 Supplier management
8.3.2 Business relationship management 6.2 Service reporting
7.1 Business relationship management
8.3.3 Service level management 6.1 Service level management
6.2 Service reporting
8.3.4 Supplier management 6.1 Service level management
7.2 Supplier management
8.3.4.1 Management of external suppliers 7.2 Supplier management
8.3.4.2 Management of internal suppliers and 6.1 Service level management
customers acting as a supplier
8.4 Supply and demand 6.4 Budgeting and accounting for services
6.5 Capacity management
8.4.1 Budgeting and accounting for services 6.4 Budgeting and accounting for services
8.4.2 Demand management 6.5 Capacity management
8.4.3 Capacity management 6.5 Capacity management
8.5 Service design build and transition 5 Design and transition of new or changed
services
9 Control processes
8.5.1 Change management 5.1 Design and transition of new or changed
services, General
6.3 Service continuity and availability management
6.6 Information security management
9.2 Change management
8.5.1.1 Change management policy 9.2 Change management

8.5.1.2 Change management initiation 5.1 Design and transition of new or changed
services, General
9.2 Change management
8.5.1.3 Change management activities 6.3.2 Service continuity and availability plans

Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 12 of 13
 6.3.3 Service continuity and availability monitoring
and testing
9.2 Change management
9.3 Release and deployment management
8.5.2 Service design and transition 5 Design and transition of new or changed
services
6.2 Service reporting
8.5.2.1 Plan new or changed services 5.2 Plan new or changed services
8.5.2.2 Design 5.3 Design and development of new or changed
services
8.5.2.3 Build and transition 5.3 Design and development of new or changed
services
5.4 Transition of new or changed services
6.2 Service reporting
8.5.3 Release and deployment management 9.1 Configuration management
9.3 Release and deployment management
8.6 Resolution and fulfilment 8.1 Incident and service request management
8.2 Problem management
8.6.1 Incident management 6.2 Service reporting
8.1 Incident and service request management
8.6.2 Service request management 8.1 Incident and service request management
8.6.3 Problem management 8.2 Problem management
8.7 Service assurance 6.3 Service continuity and availability management
6.6 Information security management
8.7.1 Service availability management 6.3 Service continuity and availability management
8.7.2 Service continuity management 6.2 Service reporting
6.3 Service continuity and availability management
8.7.3 Information security management 6.6 Information security management
8.7.3.1 Information security policy 6.6.1 Information security policy
8.7.3.2 Information security controls 6.6.2 Information security controls
8.7.3.3 Information security incidents 6.6.3 Information security changes and incidents
9 Performance evaluation 4.5.4 Monitor and review the SMS (Check)
6.2 Service reporting
9.1 Monitoring, measurement, analysis and 4.5.4.1 Monitor and review the SMS (Check), General
evaluation
9.2 Internal audit 4.5.4.1 Monitor and review the SMS (Check), General
4.5.4.2 Internal audit
6.2 Service reporting
9.3 Management review 4.5.4.1 Monitor and review the SMS (Check), General
4.5.4.3 Management review
9.4 Service reporting 6.2 Service reporting
10 Improvement 4.5.5 Maintain and improve the SMS (Act)
10.1 Nonconformity and corrective action 4.5.4.2 Internal audit
4.5.5.1 Maintain and improve the SMS (Act), General
6.2 Service reporting
10.2 Continual improvement 4.5.5.1 Maintain and improve the SMS (Act), General
4.5.5.2 Management of improvements

Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 13 of 13